RockYou’s Emote on Plaxo

by theharmonyguy on November 6th, 2007

Date: Friday, November 2, 2007

Initial hack: 45 minutes

Vulnerabilities:

  • Able to change current Emote status for any user
  • Able to access Emote history and current status for any user
  • Able to insert HTML, including JavaScript, into Emote pages

Coverage: TechCrunch

Progress: Plaxo has removed Emote from their whitelist.  As of Nov. 6, Emote remains unpatched.

  • Facebook
  • StumbleUpon
  • Digg
  • Twitter
  • Instapaper
  • FriendFeed
  • Delicious
  • Google Bookmarks
  • Share/Bookmark

From OpenSocial

8 Comments
  1. Jean-Marie Le Ray permalink

    Hi HarmonyGuy,

    Well done! Who better than you would be able to build a wonderful app for Facebook and OpenSocial.
    If you’re interested, you can contact me by email, I’ve got an app idea and ‘m searching for a developer.
    Best regards,
    Jean-Marie

  2. salman permalink

    You are obviously a very skilled developer. I am looking to build applications for my website for facebook and open social networking. Looking forward to hearing from you soon.

  3. omar permalink

    now it’s at myspace x.x.. Heroes apps

Trackbacks & Pingbacks

  1. OpenSocial Hacked Again
  2. Ajax Girl » Blog Archive » OpenSocial Hacked Again
  3. NexGen Technology Blog » OpenSocial Hacked Again
  4. OpenSocial Hacked Again | GOSSIP
  5. OpenSocial Hacked Again at Geekstr

Leave a Reply

Note: XHTML is allowed. Your email address will never be published.

Subscribe to this comment feed via RSS